Hi Jonathan, On Wed, Aug 25, 2021 at 11:27 PM Raphael Hertzog <hert...@debian.org> wrote: > it would be nice if we could get an update of debian-archive-keyring > in stretch to add the bullseye key just like it has been done in buster a > while ago: > https://tracker.debian.org/news/1236764/accepted-debian-archive-keyring-20191deb10u1-source-all-into-proposed-updates-stable-new-proposed-updates/
Whilst prepping an update for stretch, I cherry-picked the following commits from the salsa repository w cross-checking the update as proposed via #985371: 464dc87f2dc7d5ef84150a1fe5b326ba9bb5174e -> Add automatic signing keys for bullseye. 379aebbdf44d2fa9bde4eb5904c9e860cd13eb28 -> Add Debian Stable Release Key (11/bullseye). 74d1b0366c01b1b4653b5eba24f751655c25bb96 -> Refresh signatures over keyrings/debian-archive-keyring.gpg (and not keyrings/debian-archive-removed-keys.gpg since I'm not removing any keys in this update). With these 3 commits, I tried to build the package and it failed with the following error: 8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8< gpg --no-options --no-default-keyring --no-auto-check-trustdb --trustdb-name ./trustdb.gpg \ --keyring keyrings/team-members.gpg \ --verify active-keys/index.gpg active-keys/index gpg: Signature made Wed Feb 24 20:38:18 2021 UTC gpg: using RSA key 0032DDC8B18C9DE1989FC76D44D32AB5FA26F8C9 gpg: ./trustdb.gpg: trustdb created gpg: BAD signature from "Jonathan Wiltshire <j...@debian.org>" [expired] Makefile:9: recipe for target 'verify-indices' failed 8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8< I then also cherry-picked 0b6a54a5302793954af9659a399e76169281b98b, that is, updating your key. But it still failed with the same error. I am not sure what's up? Do you have an idea what's happening? TIA! - u
